[1a] Project scaffolding + core schema

[andrmaz]

Summary

This PR sets up the TypeScript monorepo infrastructure and defines the foundational Prisma schema for the Cortex platform.

Changes

Monorepo Configuration

• Fixed all package references from @repo/* to @cortex/* namespace
• Added check-types and build scripts to db and shared packages
• Updated turbo.json with proper output configurations
• Added .prettierignore to exclude generated files

Prisma Schema (packages/db)

• Organization: Tenant boundary representing one customer company
• User: Authenticated identity with Google SSO, belonging to one Organization
• Department: Policy scope within an Organization
• UserDepartment: Join table for many-to-many user-department mapping with primary department designation
• Source: Upstream knowledge origins (uploads, Slack, Confluence)
• Document: Normalized content units for retrieval
• Chunk: Retrievable segments with embedding support
• Policy: Versioned department-scoped rule sets
• QueryLog: Immutable audit records

All models include:

• Proper foreign key relationships with cascade deletes
• Indexes for common query patterns
• Organization-scoped unique constraints where appropriate

CI/CD

• Added GitHub Actions workflow (.github/workflows/ci.yml) with:
  • Type checking
  • Linting
  • Build verification
  • Prisma schema validation

Infrastructure

• docker-compose.yml provides PostgreSQL 16 and Redis 7
• Initial migration SQL created at packages/db/prisma/migrations/0001_initial_schema/

Verification

# All passing:
pnpm install          # ✅
pnpm check-types      # ✅
pnpm build            # ✅
pnpm lint             # ✅
pnpm --filter db db:validate  # ✅

Acceptance Criteria

• Monorepo structure boots cleanly (pnpm install, pnpm check-types, pnpm build)
• docker-compose up starts PostgreSQL and Redis with no manual steps
• Prisma schema includes Organization, User, Department, UserDepartment models and passes prisma validate
• First migration is created and baseline CI passes

  

Summary by CodeRabbit

• New Features

  • Established comprehensive database schema supporting multi-tenant organizations, users, departments, and policy management
  • Added audit logging for query tracking and policy decisions

• Chores

  • Configured CI/CD pipeline with automated linting, type checking, building, and schema validation
  • Updated project configuration files and build tooling for improved development workflow
  • Restructured shared configuration and package exports across the monorepo

[coderabbitai]

Warning

Review limit reached

@andrmaz, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 1 minute and 22 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f0f311f6-e360-48d0-a1f8-31179f74b57e

📥 Commits

Reviewing files that changed from the base of the PR and between 03047f1 and ba18bae.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (27)

• .github/workflows/ci.yml
• .prettierignore
• README.md
• apps/api/eslint.config.js
• apps/api/package.json
• apps/api/src/app.module.ts
• apps/api/src/main.ts
• apps/api/src/mcp/mcp.controller.ts
• apps/api/src/mcp/mcp.module.ts
• apps/docs/app/page.tsx
• apps/docs/eslint.config.js
• apps/docs/tsconfig.json
• apps/web/app/page.tsx
• apps/web/eslint.config.js
• apps/web/tsconfig.json
• packages/db/package.json
• packages/db/prisma/migrations/0001_initial_schema/migration.sql
• packages/db/prisma/schema.prisma
• packages/db/src/index.ts
• packages/db/tsconfig.json
• packages/shared/package.json
• packages/shared/src/index.ts
• packages/shared/src/types.ts
• packages/shared/tsconfig.json
• packages/ui/eslint.config.mjs
• packages/ui/tsconfig.json
• turbo.json

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch cursor/project-scaffolding-core-schema-65bb

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[andrmaz]

@cursoragent some checks are failing

[cursor]

Fixed the CI failure. The issue was a version conflict - the GitHub Actions workflow was explicitly specifying version: 9 for pnpm, but package.json already declares "packageManager": "pnpm@9.0.0". The pnpm/action-setup@v4 action detects both specifications and fails to prevent version mismatches.

I removed the explicit version: 9 from all three jobs in the workflow. The action will now automatically read the pnpm version from the packageManager field in package.json, which is the recommended approach.

The fix has been pushed and CI should re-run automatically.

  

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (2)

packages/db/prisma/schema.prisma (1)

180-195: ⚡ Quick win

Consider adding organizationId and departmentId to QueryLog for direct audit filtering.

The acceptance criteria in plans/cortex-mvp-prd-plan.md state: "Admin can filter logs by time, user, and department." Currently, filtering by department requires joining QueryLog → User → UserDepartment → Department, which is complex and slower for large audit tables.

Adding organizationId and departmentId fields would enable:

• Direct composite indexes on (organizationId, createdAt) and (departmentId, createdAt)
• Simpler query patterns for the admin audit viewer
• Better query performance at scale

📊 Proposed schema enhancement

 model QueryLog {
   id             String   `@id` `@default`(uuid())
   userId         String   `@map`("user_id")
+  organizationId String   `@map`("organization_id")
+  departmentId   String   `@map`("department_id")
   query          String
   contextBundle  Json?    `@map`("context_bundle")
   policyDecision Json?    `@map`("policy_decision")
   response       String?
   createdAt      DateTime `@default`(now())

   // Relations
   user User `@relation`(fields: [userId], references: [id], onDelete: Cascade)
+  organization Organization `@relation`(fields: [organizationId], references: [id], onDelete: Cascade)
+  department   Department   `@relation`(fields: [departmentId], references: [id], onDelete: Cascade)

   @@index([userId])
+  @@index([organizationId, createdAt])
+  @@index([departmentId, createdAt])
   @@index([createdAt])
   @@map("query_logs")
 }

Don't forget to add the queryLogs QueryLog[] relation back-reference to Organization and Department models.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@packages/db/prisma/schema.prisma` around lines 180 - 195, Add nullable
organizationId and departmentId fields to the QueryLog model and create indexes
to support filtering by time (e.g., add organizationId String?
`@map`("organization_id") and departmentId String? `@map`("department_id") and then
@@index([organizationId, createdAt]) and @@index([departmentId, createdAt]));
update the User relation declaration in QueryLog if needed to keep existing
onDelete behavior, and add reciprocal back-reference relations queryLogs on the
Organization and Department models (e.g., Organization.queryLogs and
Department.queryLogs) so Prisma relations remain consistent; ensure field types,
mapping names, and cascade behavior match your existing id fields and re-run
prisma migrate to apply the schema change.

.github/workflows/ci.yml (1)

1-98: ⚡ Quick win

Improve workflow security posture.

Static analysis identified several security improvements:

1. Credential persistence risk: Add persist-credentials: false to checkout steps to prevent credential leakage through artifacts.
2. Overly broad permissions: Add explicit permissions: blocks to restrict what each job can access.
3. Unpinned actions: Pin actions to commit SHAs for supply-chain security.

🔒 Security enhancements

1. Add workflow-level permissions (top of file after concurrency:):

permissions:
  contents: read

2. Update checkout steps to prevent credential persistence:

- name: Checkout
  uses: actions/checkout@v4
  with:
    persist-credentials: false

3. Pin actions to commit SHAs (example for lint-and-typecheck job):

- name: Checkout
  uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
  with:
    persist-credentials: false

- name: Setup pnpm
  uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0

- name: Setup Node.js
  uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
  with:
    node-version: '22'
    cache: 'pnpm'

Apply the same pinning pattern to the build and validate-schema jobs.

As per static analysis hints from zizmor (1.25.2), these changes reduce the risk of credential leakage and supply-chain attacks.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml around lines 1 - 98, Add a workflow-level
permissions block after concurrency (permissions: contents: read), set with:
persist-credentials: false on every Checkout step (in jobs lint-and-typecheck,
build, validate-schema) and replace floating action tags with pinned SHAs for
each uses entry (e.g., actions/checkout@v4, pnpm/action-setup@v4,
actions/setup-node@v4) by updating those uses to the repository@<commit-sha>
values; also add restrictive job-level permissions blocks for each job
(lint-and-typecheck, build, validate-schema) to explicitly limit access instead
of inheriting broader rights.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/ci.yml:
- Around line 33-36: The CI step that runs the "Generate Prisma client" job sets
DATABASE_URL to postgresql://localhost:5432/test but does not start a PostgreSQL
service, so add a postgres service to any job that runs Prisma (the job
containing the "Generate Prisma client" step and the other similar steps) using
image postgres:16 with POSTGRES_USER/POSTGRES_PASSWORD/POSTGRES_DB (e.g.,
cortex/cortex/cortex_test) and appropriate health checks, and update the step's
env DATABASE_URL to postgresql://cortex:cortex@localhost:5432/cortex_test so
Prisma can perform full DB-specific validation and migrations; ensure each job
that runs pnpm --filter db db:generate or similar Prisma commands gets the same
services block and env update.

In `@apps/api/src/mcp/mcp.controller.ts`:
- Around line 3-6: The local interface MCPRequestBody narrows the expected
request shape and omits tenant fields; replace the local definition and any
usages (e.g., where MCPRequestBody is used around the MCP controller request
params at lines ~19-20) with the shared MCPRequest contract from packages/shared
(import MCPRequest) so the controller uses the canonical type (MCPRequest)
including organizationId and departmentId; update the import and all references
to use MCPRequest instead of the local MCPRequestBody.

In `@packages/db/prisma/migrations/0001_initial_schema/migration.sql`:
- Around line 38-48: The migration is missing a uniqueness constraint to enforce
one primary department per user; add a partial unique index named
user_departments_one_primary_per_user on the user_departments table targeting
user_id where is_primary = true (i.e., create the index after the
user_departments table definition so the DB enforces at most one row with
is_primary=true per user_id). Ensure the index name is exactly
user_departments_one_primary_per_user and the predicate references is_primary =
true.

In `@packages/db/prisma/schema.prisma`:
- Around line 73-92: Add a DB-level constraint to enforce exactly one primary
department per user by creating a UNIQUE partial index on the user_departments
table for rows where is_primary = true; after the UserDepartment model/table is
created (model: UserDepartment, columns: userId/@map("user_id") and
isPrimary/@map("is_primary")), add a migration SQL statement to create a unique
index like user_departments_one_primary_per_user ON user_departments(user_id)
WHERE is_primary = true (Postgres 9.5+); include a short comment in the
schema/migration documenting this constraint so future maintainers know it
enforces the "one Primary Department per User" business rule.

---

Nitpick comments:
In @.github/workflows/ci.yml:
- Around line 1-98: Add a workflow-level permissions block after concurrency
(permissions: contents: read), set with: persist-credentials: false on every
Checkout step (in jobs lint-and-typecheck, build, validate-schema) and replace
floating action tags with pinned SHAs for each uses entry (e.g.,
actions/checkout@v4, pnpm/action-setup@v4, actions/setup-node@v4) by updating
those uses to the repository@<commit-sha> values; also add restrictive job-level
permissions blocks for each job (lint-and-typecheck, build, validate-schema) to
explicitly limit access instead of inheriting broader rights.

In `@packages/db/prisma/schema.prisma`:
- Around line 180-195: Add nullable organizationId and departmentId fields to
the QueryLog model and create indexes to support filtering by time (e.g., add
organizationId String? `@map`("organization_id") and departmentId String?
`@map`("department_id") and then @@index([organizationId, createdAt]) and
@@index([departmentId, createdAt])); update the User relation declaration in
QueryLog if needed to keep existing onDelete behavior, and add reciprocal
back-reference relations queryLogs on the Organization and Department models
(e.g., Organization.queryLogs and Department.queryLogs) so Prisma relations
remain consistent; ensure field types, mapping names, and cascade behavior match
your existing id fields and re-run prisma migrate to apply the schema change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 86808225-228c-4e61-b45c-14b1ce3bdcc9

📥 Commits

Reviewing files that changed from the base of the PR and between 03047f1 and d7f686e.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (27)

• .github/workflows/ci.yml
• .prettierignore
• README.md
• apps/api/eslint.config.js
• apps/api/package.json
• apps/api/src/app.module.ts
• apps/api/src/main.ts
• apps/api/src/mcp/mcp.controller.ts
• apps/api/src/mcp/mcp.module.ts
• apps/docs/app/page.tsx
• apps/docs/eslint.config.js
• apps/docs/tsconfig.json
• apps/web/app/page.tsx
• apps/web/eslint.config.js
• apps/web/tsconfig.json
• packages/db/package.json
• packages/db/prisma/migrations/0001_initial_schema/migration.sql
• packages/db/prisma/schema.prisma
• packages/db/src/index.ts
• packages/db/tsconfig.json
• packages/shared/package.json
• packages/shared/src/index.ts
• packages/shared/src/types.ts
• packages/shared/tsconfig.json
• packages/ui/eslint.config.mjs
• packages/ui/tsconfig.json
• turbo.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add a PostgreSQL service for proper Prisma validation.

The workflow sets DATABASE_URL to postgresql://localhost:5432/test, but there's no PostgreSQL service configured. While prisma generate and basic prisma validate can work without a live database, using a proper PostgreSQL service ensures:

1. Full schema validation including database-specific features (like partial indexes, check constraints)
2. Migration compatibility testing
3. Consistency with the production environment (PostgreSQL 16 per docker-compose.yml)

🐘 Add PostgreSQL service to each job

Add this services block to each job that needs database access:

services:
  postgres:
    image: postgres:16
    env:
      POSTGRES_USER: cortex
      POSTGRES_PASSWORD: cortex
      POSTGRES_DB: cortex_test
    options: >-
      --health-cmd pg_isready
      --health-interval 10s
      --health-timeout 5s
      --health-retries 5
    ports:
      - 5432:5432

Then update the DATABASE_URL to match:

env:
  DATABASE_URL: "postgresql://cortex:cortex@localhost:5432/cortex_test"

Also applies to: 67-70, 94-97

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/ci.yml around lines 33 - 36, The CI step that runs the
"Generate Prisma client" job sets DATABASE_URL to
postgresql://localhost:5432/test but does not start a PostgreSQL service, so add
a postgres service to any job that runs Prisma (the job containing the "Generate
Prisma client" step and the other similar steps) using image postgres:16 with
POSTGRES_USER/POSTGRES_PASSWORD/POSTGRES_DB (e.g., cortex/cortex/cortex_test)
and appropriate health checks, and update the step's env DATABASE_URL to
postgresql://cortex:cortex@localhost:5432/cortex_test so Prisma can perform full
DB-specific validation and migrations; ensure each job that runs pnpm --filter
db db:generate or similar Prisma commands gets the same services block and env
update.

[andrmaz]

@cursoragent some checks are failing

[cursor]

Fixed. The CI was failing because the pnpm-lock.yaml was out of sync after I added @cortex/shared to the API package dependencies. The lockfile has now been updated and pushed. CI should pass on the next run.

  

[coderabbitai]

Note

Unit test generation is a public access feature. Expect some limitations and changes as we gather feedback and continue to improve it.

---

Generating unit tests... This may take up to 20 minutes.

[coderabbitai]

✅ Created PR with unit tests: #21

[andrmaz]

@coderabbitai

[coderabbitai]

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check the CI status of PR `#20`
gh pr checks 20 --repo andrmaz/cortex

Length of output: 464

---

---

@andrmaz It looks like all checks on PR #20 are now passing! ✅

Check	Status
Build	✅ Pass
Lint & Type Check	✅ Pass
Validate Prisma Schema	✅ Pass
CodeRabbit Review	✅ Pass

Is there something specific you'd like me to help with?

[andrmaz]

@coderabbitai code review

[coderabbitai]

@andrmaz Sure! I'll kick off a full review of PR #20 right away.

✅ Action performed

Full review finished.